CVE-2008-3811Improper Input Validation in Cisco IOS

CWE-20Improper Input ValidationCWE-3997 documents4 sources
Severity
7.8HIGHNVD
EPSS
1.9%
top 16.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedSep 26
Latest updateMay 2

Description

Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnerability than CVE-2008-3810.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDcisco/ios17 versions+16

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

4
GHSA
GHSA-cgmg-28mj-xfpc: Cisco IOS 122022-05-02
GHSA
GHSA-q6pw-h64c-4qqr: Cisco IOS 122022-05-02
CVEList
CVE-2008-3811: Cisco IOS 122008-09-26
CVEList
CVE-2008-3810: Cisco IOS 122008-09-26

📋Vendor Advisories

1
Cisco
Cisco IOS NAT Skinny Call Control Protocol Vulnerability2008-09-24
CVE-2008-3811 — Improper Input Validation in Cisco IOS | cvebase